Monday, February 10, 2025
HomeCryptocurrency hackWikipedia Page Linked with "Minr" Cryptojacking Malware Infected 3rd Party Website

Wikipedia Page Linked with “Minr” Cryptojacking Malware Infected 3rd Party Website

Published on

SIEM as a Service

Follow Us on Google News

Cryptojacking Malware called Minr infected website has been linked with Wikipedia Page that leads to mine the cryptocurrency Monero (XMR).

Wikipedia visitors who visiting the concern page and once a user clicks the link that pointed to the Malware infected website, the malicious script will be executed and visitor infected with “Minr” crypto-jacking malware.

Researchers found that many of the websites are running with an obfusticated script that infected to perform various malicious activities.

One of the infected site using a malicious HTML code that was generated by the well-known JJEncode obfuscator which is one of the popular for encrypting malicious code.

A few months ago, researchers discovered that  JJEncode obfuscator was once again in use: Minr cryptominer.

Description of the cryptojacking malware

Also, it begins used with many of the websites including web.clod[.]pw and Stati[.]bid.

Once the injected script was deobfuscated and analysis done by the sucuri Security researchers Reveals that malware had begun loading the Minr Malware from   web.stati[.]bid.

Past few years Cryptocurrency mining is a very easy method for cybercriminals to Generating the huge revenue by hijacking the Web- browser and injecting the malicious script and taking control of the CPU Usage from the Victims.

Mining cryptocurrencies in a legitimate way are quite resource consuming process, so attackers demanding ransom payments and infecting other computers to mine the cryptocurrencies.

Also Read:  Hackers Spreading Cryptocurrency Mining scripts via videos that Embedded in MS Office Word Documents

Cryptojacking Malware Linked With Wikipedia Page

Recently a Wikipedia page reverting a series of edits that was linked with the 3rd party site which infected with Minr malware.

One of the Wikipedia users Discovered that two serious of Wikipedia Edits was intended to link with malware site and he discussed whether the incident required the attention of Wikipedia administrators.

A Wikipedia User Edit the page about ‘Feminist views on transgender topics” and added a malicious third party link that involved to mining Monero.

This Incident has occurred on February 2nd and the same day  Minr cryptominer used  stati[.]bid the domain was registered.

According to Sucuri, The third-party site happened to be infected with the stati[.]bid malware, and another user who reviewed the edits a few hours later noticed the infection, reverted the changes, contacted the author of the changes and solicited advice in the Wikipedia:Teahouse.

Later it was concluded that there was no intention to linked with infected third party site and the pointed Wikipedia Page.

this type of attack primarily impacts WordPress sites where the obfuscated Minr miner is injected at the very top of the active theme’s header.php file. Sucuri Said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Malicious Solana Packages Attacking Devs Abusing Slack And ImgBB For Data Theft

Malicious packages "solanacore," "solana login," and "walletcore-gen" on npmjs target Solana developers with Windows...

PHP Servers Vulnerability Exploited To Inject PacketCrypt Cryptocurrency Miner

Researchers observed a URL attempts to exploit a server-side vulnerability by executing multiple commands...

The Defender vs. The Attacker Game

The researcher proposes a game-theoretic approach to analyze the interaction between the model defender...